ThreatTrack Identifies Fake Facebook Profile Viewer Scam

Experts observed that a Tumblr blog, Candycrushsagafreelifes(dot)tumblr(dot)com that's crafted to trick Internauts into installing an application (app) that can supposedly authorize them to know who has been visiting their Facebook profile.

Internauts who pursue the guidelines and download the so-dubbed profile viewer are served with an executable file known as "ProfileViewersSetup.exe."

Once it is launched, the executable file apparently does not do anything but a shady web-browser extension is installed onto the victim's computer.

The fascinating part about this malicious attack is that shady extension is installed on the victim's computer very quickly and if the victim uses Mozilla Firefox then one of the following things will happen depending upon the browser open or not.

If Mozilla is open, it will shut down for some seconds before re-opening again with a notification on the screen before closing again.

If Firefox is not open, then it will suddenly spring into life with a notification before closing quickly as it arrived.

The notification will be on the screen for about a second only.

When Chrome web browser is opened it instantly redirects the Internauts to another bogus profile viewer website that pops-up the normal survey forms "in an attempt to make some affiliate cash from anyone eager to pass over their personal credentials/phone number/ or for that matter anything else to third party promoters".

Victims are recommended to check Mozilla for an extension nicknamed WhoViewS5.2 by "Crosk safari". The extension also employs a Flash logo as the extension image.

ThreatTrack asserts that its security researchers are continuing to study the aim of this extension but they are confident it's not good.

The security vendor detects ProfileViewersSetup.exe as Trojan.Win32.Clicker!BT with Virus total as 21/47.

It has been observed that files such as above are always going to pose problems and so users need to be careful and think twice before downloading/installing any form of profile viewer regardless of social network. Such scams have been around for years and will continue to be unless we get skeptical and careful them.